[Zope-dev] Re: RestrtrictedPython vs zope.security.untrustedpython

Chris Withers chris at simplistix.co.uk
Mon Nov 19 18:15:18 EST 2007


Philipp von Weitershausen wrote:
> On 19 Nov 2007, at 20:26 , Chris Withers wrote:
>>>> So, I'm guessing RestrictedPython is the one to aim for?
>>> No idea what you need...
>>
>> http://mail.python.org/pipermail/python-list/2007-November/466438.html
> 
> It seems like zope.security does exactly what you need (e.g. user code 
> shouldn't have to import anything as long as you pass proxied objects). 

Indeed, but how do you prevent importing and insecure builtins like 
"open" without RestrictedPython?

cheers,

Chris

-- 
Simplistix - Content Management, Zope & Python Consulting
            - http://www.simplistix.co.uk


More information about the Zope-Dev mailing list